[oe-commits] Robert Yang : patch: fix CVE-2015-1196

git at git.openembedded.org git at git.openembedded.org
Thu Apr 2 11:03:51 UTC 2015


Module: openembedded-core.git
Branch: master-next-1.9
Commit: 166e70e80628c296075d41acd0acf2d1cda441fe
URL:    http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=166e70e80628c296075d41acd0acf2d1cda441fe

Author: Robert Yang <liezhi.yang at windriver.com>
Date:   Wed Mar 25 23:42:34 2015 -0700

patch: fix CVE-2015-1196

A directory traversal flaw was reported in patch:

References:
http://www.openwall.com/lists/oss-security/2015/01/18/6
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227
https://bugzilla.redhat.com/show_bug.cgi?id=1182154

[YOCTO #7182]

Signed-off-by: Robert Yang <liezhi.yang at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

---

 meta/recipes-devtools/patch/patch.inc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/patch/patch.inc b/meta/recipes-devtools/patch/patch.inc
index 332b97a..d306403 100644
--- a/meta/recipes-devtools/patch/patch.inc
+++ b/meta/recipes-devtools/patch/patch.inc
@@ -4,7 +4,10 @@ produced by the diff program and applies those differences to one or more \
 original files, producing patched versions."
 SECTION = "utils"
 
-SRC_URI = "${GNU_MIRROR}/patch/patch-${PV}.tar.gz"
+SRC_URI = "${GNU_MIRROR}/patch/patch-${PV}.tar.gz \
+        file://patch-CVE-2015-1196.patch \
+        "
+
 S = "${WORKDIR}/patch-${PV}"
 
 inherit autotools update-alternatives
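
Review bot: The new SRC_URI entry `file://patch-CVE-2015-1196.patch` refers to a file that this commit does not add: the diffstat lists only patch.inc (1 file changed, 4 insertions, 1 deletion). Unless the patch file is already in the recipe's file search path, the fetch will fail, so it should be added in the same commit. Second, the entry is placed in patch.inc, which builds its SRC_URI from `${PV}` and is therefore shared by every versioned recipe that includes it. If the CVE fix was written against one specific release, put the SRC_URI addition in that version's recipe so it is not applied to sources it does not match. The commit message sentence "A directory traversal flaw was reported in patch:" ends in a colon with nothing after it; a one-line description of the flaw there would make the log entry self-contained.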


